Author: Rusty Russell 2018-06-22 00:32:01
Published on: 2018-06-22T00:32:01+00:00
David A. Harding discusses three potential attacks on the Lightning Network and possible mitigations in a post to the lightning-dev mailing list. The first attack involves a double-spend against an unconfirmed transaction that uses the SIGHASH_NOINPUT flag. The second attack, called a Denial of Service (DoS) against Eltoo settlements, could leave users waiting for more than two weeks for confirmations due to low-fee and large vsize transactions. The third attack involves theft from HTLCs by introducing settlement delays. To mitigate these attacks, Harding suggests reducing the replace-by-fee (RBF) grouping depth to two or delaying propagation of transactions with low fees proportional to their weight. Additionally, he proposes not rejecting low-fee transactions but instead dropping them after 60 seconds if there is no child-pays-for-parent (CPFP) to increase their effective fee rate.
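The last mitigation in the summary (hold low-fee transactions for 60 seconds, then drop them unless a CPFP child raises the effective fee rate) can be sketched as follows. This is an added example, not code from the mailing-list post or from any node implementation. The GracePool class, the 1 sat/vbyte floor, the direct-children-only package fee rate and the sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

GRACE_SECONDS = 60   # grace period named in the summary
MIN_FEERATE = 1.0    # sat/vbyte; assumed relay floor, not taken from the post

@dataclass
class Tx:
    txid: str
    fee: int                      # satoshis
    vsize: int                    # virtual bytes
    parent: Optional[str] = None  # unconfirmed parent this tx spends, if any

class GracePool:
    """Hypothetical pool: accept low-fee txs, evict later if no CPFP arrives."""
    def __init__(self):
        self.txs = {}             # txid -> (Tx, arrival time in seconds)

    def accept(self, tx, now):
        self.txs[tx.txid] = (tx, now)

    def package_feerate(self, txid):
        # Effective fee rate of a tx plus its direct children (simplified CPFP).
        parent = self.txs[txid][0]
        group = [parent] + [t for t, _ in self.txs.values() if t.parent == txid]
        return sum(t.fee for t in group) / sum(t.vsize for t in group)

    def expire(self, now):
        """Evict txs past the grace period whose package fee rate is too low."""
        doomed = {txid for txid, (_, t0) in self.txs.items()
                  if now - t0 >= GRACE_SECONDS
                  and self.package_feerate(txid) < MIN_FEERATE}
        # Children of an evicted tx spend a missing input, so they go too.
        while True:
            orphans = {t.txid for t, _ in self.txs.values()
                       if t.parent in doomed} - doomed
            if not orphans:
                break
            doomed |= orphans
        for txid in doomed:
            del self.txs[txid]
        return sorted(doomed)

def demo():
    pool = GracePool()
    sample = [  # constructed: (txid, fee, vsize, parent, arrival second)
        ("A", 200, 1000, None, 0), ("A1", 2000, 150, "A", 10),  # CPFP rescues A
        ("B", 100, 2000, None, 0),                              # never bumped
        ("C", 500, 250, None, 0),                               # normal fee
        ("D", 100, 1000, None, 30), ("D1", 50, 100, "D", 40),   # child too cheap
    ]
    for txid, fee, vsize, parent, t in sample:
        pool.accept(Tx(txid, fee, vsize, parent), t)
    return [pool.expire(t) for t in (59, 60, 90)], sorted(pool.txs)

if __name__ == "__main__":
    print(demo())
```

The large, low-fee transaction B occupies the pool only until its grace period ends, while A survives because its child lifts the package above the floor.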
Updated on: 2023-06-13T01:40:15.142979+00:00